Here's a question about dev.day.com, from the security checklist:
http://dev.day.com/docs/en/cq/current/deploying/security_checklist.html
I noticed that if you add a selector to the URL, e.g.
http://dev.day.com/docs/en/cq/current/deploying/security_checklist.123.html
it appears to hit the publish server (assuming it hasn't been hit before). Has the DoS attack prevention script been implemented on this site?
Also, you can just add a URL parameter to hit the publisher:
http://dev.day.com/docs/en/cq/current/deploying/security_checklist.html?a=b
Shouldn't it be possible to block unknown query params or uncacheable requests via the dispatcher or webserver?
Thanks!
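The allowlist check the question asks about, sketched as an added example that is not part of the original post and is not dispatcher or web server code. The allowlists and the function names `decompose` and `verdict` are assumptions, and the URL split is a simplified Sling decomposition that ignores suffixes.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed allowlists for illustration; a real site derives these from the
# selectors and parameters its own components actually render.
ALLOWED_SELECTORS = {"print"}
ALLOWED_PARAMS = {"q"}


def decompose(url):
    """Split a URL into (resource path, selectors, extension, query names).

    Simplification: everything after the first dot of the last path segment
    is treated as selectors plus extension; Sling suffixes are not handled.
    """
    parts = urlsplit(url)
    directory, _, last = parts.path.rpartition("/")
    name, *rest = last.split(".")
    selectors, extension = (rest[:-1], rest[-1]) if rest else ([], "")
    params = [key for key, _ in parse_qsl(parts.query, keep_blank_values=True)]
    return f"{directory}/{name}", selectors, extension, params


def verdict(url):
    """Return ("allow", []) or ("reject", reasons) for a front-end request.

    A rejected request would be answered at the cache tier (for example
    with a 404) instead of being forwarded to the publish instance.
    """
    _, selectors, _, params = decompose(url)
    reasons = [f"unknown selector: {s}" for s in selectors
               if s not in ALLOWED_SELECTORS]
    reasons += [f"unknown query parameter: {p}" for p in params
                if p not in ALLOWED_PARAMS]
    return ("reject", reasons) if reasons else ("allow", [])


if __name__ == "__main__":
    base = "http://dev.day.com/docs/en/cq/current/deploying/security_checklist"
    # The three URLs quoted in the post above.
    for url in (base + ".html", base + ".123.html", base + ".html?a=b"):
        print(verdict(url), url)
```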